Nmap

Scan the default ports and run the default scripts and detection checks (-A) on them:

nmap -n -v -sT -A <IP or FQDN> -oN nmap

Get a full TCP scan:

nmap -n -v -sT -p- -Pn -A -T5 -sC <IP or FQDN> -oN nmap

Get a SYN scan:

<aside> ℹ️

The SYN scan sends a SYN packet (which is the first part of the TCP handshake sequence) to a port, and analyzes the response to determine whether the port is open, closed, or filtered.

</aside>

nmap -v -A -O -p- -T4 -Pn -sS -sC <IP or FQDN> -oN nmap
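The response handling described in the note above, as an added Python example that is not part of the original page: it reads the TCP header of a reply and returns the port state a SYN scan would infer from it. The sample headers are constructed, the function names are this example's own, and the ICMP codes follow Nmap's documentation for -sS.

```python
import struct
from typing import Optional, Tuple

# TCP flag bits (byte 13 of the TCP header)
SYN, RST, ACK = 0x02, 0x04, 0x10
# ICMP type 3 (destination unreachable) codes that Nmap's -sS documentation
# lists as marking a port "filtered"
ICMP_FILTERED_CODES = {0, 1, 2, 3, 9, 10, 13}

def tcp_flags(header: bytes) -> int:
    """Return the flag byte of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # sport, dport, seq, ack, data offset, flags, window, checksum, urgent
    return struct.unpack("!HHIIBBHHH", header[:20])[5]

def classify(reply: Optional[bytes], icmp: Optional[Tuple[int, int]] = None) -> str:
    """State a SYN scan infers for a port from the reply (or lack of one)."""
    # icmp is the (type, code) of an ICMP error received instead of a TCP reply
    if icmp is not None:
        if icmp[0] == 3 and icmp[1] in ICMP_FILTERED_CODES:
            return "filtered"
        return "unknown"  # fallback label of this example, not an Nmap state
    if reply is None:
        return "filtered"  # no answer, even after retransmissions
    flags = tcp_flags(reply)
    if flags & RST:
        return "closed"
    if flags & SYN:
        return "open"  # SYN/ACK (or, rarely, a bare SYN)
    return "unknown"

def make_header(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Build a constructed 20-byte TCP header to use as sample input."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 1024, 0, 0)

# Constructed sample replies (not captured traffic)
SAMPLES = {
    "syn_ack": make_header(22, 40000, SYN | ACK, seq=1000, ack=1),
    "rst_ack": make_header(23, 40000, RST | ACK, ack=1),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
    print("no reply ->", classify(None))
```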

Get a stealth scan:

nmap -v -A -O -p- -T4 -Pn -sS -sC <IP or FQDN> -oN nmap --scan-delay 3s --max-parallelism 1

AutoRecon - by Tib3rius

Tib3rius/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Network Recon - by padowla

If you have a list of computers and you want to test whether a specific port is reachable, you can use this PowerShell script that does the work for you!